opcua.crypto package
Submodules
opcua.crypto.security_policies module

class opcua.crypto.security_policies.Cryptography(mode=<MessageSecurityMode.Sign: 2>)
Bases: opcua.ua.uaprotocol_hand.CryptographyNone
Security policy: Sign or SignAndEncrypt

class opcua.crypto.security_policies.Decryptor
Bases: object
Abstract base class for decryption algorithm

class opcua.crypto.security_policies.Encryptor
Bases: object
Abstract base class for encryption algorithm

class opcua.crypto.security_policies.SecurityPolicyBasic128Rsa15(server_cert, client_cert, client_pk, mode)
Bases: opcua.ua.uaprotocol_hand.SecurityPolicy
DEPRECATED, do not use anymore!
Security Basic 128Rsa15
A suite of algorithms that uses RSA15 as Key-Wrap-algorithm and 128-Bit (16 bytes) for encryption algorithms.
- SymmetricSignatureAlgorithm - HmacSha1
- SymmetricEncryptionAlgorithm - Aes128 (http://www.w3.org/2001/04/xmlenc#aes128-cbc)
- AsymmetricSignatureAlgorithm - RsaSha1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
- AsymmetricKeyWrapAlgorithm - KwRsa15 (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
- AsymmetricEncryptionAlgorithm - Rsa15 (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
- KeyDerivationAlgorithm - PSha1 (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
- DerivedSignatureKeyLength - 128 (16 bytes)
- MinAsymmetricKeyLength - 1024 (128 bytes)
- MaxAsymmetricKeyLength - 2048 (256 bytes)
- CertificateSignatureAlgorithm - Sha1
If a certificate or any certificate in the chain is not signed with a hash that is Sha1 or stronger then the certificate shall be rejected.

AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
AsymmetricSignatureURI = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
URI = 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15'
signature_key_size = 16
symmetric_key_size = 16
class
opcua.crypto.security_policies.
SecurityPolicyBasic256
(server_cert, client_cert, client_pk, mode)[source]¶ Bases:
opcua.ua.uaprotocol_hand.SecurityPolicy
DEPRECATED, do not use anymore!
Security Basic 256 A suite of algorithms that are for 256-Bit (32 bytes) encryption, algorithms include: - SymmetricSignatureAlgorithm - HmacSha1
- SymmetricEncryptionAlgorithm - Aes256 (http://www.w3.org/2001/04/xmlenc#aes256-cbc)
- AsymmetricSignatureAlgorithm - RsaSha1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
- AsymmetricKeyWrapAlgorithm - KwRsaOaep (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
- AsymmetricEncryptionAlgorithm - RsaOaep (http://www.w3.org/2001/04/xmlenc#rsa-oaep)
- KeyDerivationAlgorithm - PSha1 (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
- DerivedSignatureKeyLength - 192 (24 bytes)
- MinAsymmetricKeyLength - 1024 (128 bytes)
- MaxAsymmetricKeyLength - 2048 (256 bytes)
- CertificateSignatureAlgorithm - Sha1
If a certificate or any certificate in the chain is not signed with a hash that is Sha1 or stronger then the certificate shall be rejected.
-
AsymmetricEncryptionURI
= 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'¶
-
AsymmetricSignatureURI
= 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'¶
-
URI
= 'http://opcfoundation.org/UA/SecurityPolicy#Basic256'¶
-
signature_key_size
= 24¶
-
symmetric_key_size
= 32¶

class opcua.crypto.security_policies.SecurityPolicyBasic256Sha256(server_cert, client_cert, client_pk, mode)
Bases: opcua.ua.uaprotocol_hand.SecurityPolicy
Security Basic 256Sha256
A suite of algorithms that uses Sha256 as Key-Wrap-algorithm and 256-Bit (32 bytes) for encryption algorithms.
- SymmetricSignatureAlgorithm_HMAC-SHA2-256 https://tools.ietf.org/html/rfc4634
- SymmetricEncryptionAlgorithm_AES256-CBC http://www.w3.org/2001/04/xmlenc#aes256-cbc
- AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 http://www.w3.org/2001/04/xmlenc#rsa-oaep
- KeyDerivationAlgorithm_P-SHA2-256 http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
- CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Basic256Sha256_Limits
  -> DerivedSignatureKeyLength: 256 bits
  -> MinAsymmetricKeyLength: 2048 bits
  -> MaxAsymmetricKeyLength: 4096 bits
  -> SecureChannelNonceLength: 32 bytes

AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'
AsymmetricSignatureURI = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
URI = 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'
signature_key_size = 32
symmetric_key_size = 32

class opcua.crypto.security_policies.Signer
Bases: object
Abstract base class for cryptographic signature algorithm

class opcua.crypto.security_policies.Verifier
Bases: object
Abstract base class for cryptographic signature verification

opcua.crypto.uacrypto module

opcua.crypto.uacrypto.p_sha1(secret, seed, sizes=())
Derive one or more keys from secret and seed. (See specs part 6, 6.7.5 and RFC 2246 - TLS v1.0.) Lengths of keys will match sizes argument.
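
The derivation that p_sha1 documents, written out as an added example (not the python-opcua source): P_hash from RFC 2246 with the hash as a parameter, so the same routine also covers the P-SHA2-256 derivation listed for Basic256Sha256. Key sizes are the signature_key_size and symmetric_key_size values above; the POLICY_KDF table, the derive_keys helper, the 16-byte IV length and which nonce serves as secret or seed are assumptions of this example.

```python
import hashlib
import hmac

# (signature_key_size, symmetric_key_size, digest) per policy; sizes as listed on this page.
POLICY_KDF = {
    "Basic128Rsa15": (16, 16, hashlib.sha1),
    "Basic256": (24, 32, hashlib.sha1),
    "Basic256Sha256": (32, 32, hashlib.sha256),
}
AES_BLOCK = 16  # assumption: IV length equals the AES-CBC block size


def p_hash(secret, seed, sizes=(), digestmod=hashlib.sha1):
    """RFC 2246 P_hash; returns one key per entry in sizes, cut from one stream."""
    if any(size < 0 for size in sizes):
        raise ValueError("key sizes must be non-negative")
    stream, a = b"", seed  # A(0) = seed
    while len(stream) < sum(sizes):
        a = hmac.new(secret, a, digestmod).digest()  # A(i) = HMAC(secret, A(i-1))
        stream += hmac.new(secret, a + seed, digestmod).digest()
    keys, offset = [], 0
    for size in sizes:  # consecutive, non-overlapping slices of the stream
        keys.append(stream[offset:offset + size])
        offset += size
    return tuple(keys)


def derive_keys(policy, secret, seed):
    """Return (signing_key, encryption_key, iv) for one direction of a channel."""
    sig_size, enc_size, digestmod = POLICY_KDF[policy]
    return p_hash(secret, seed, (sig_size, enc_size, AES_BLOCK), digestmod)


if __name__ == "__main__":
    # Constructed nonces for illustration; real ones come from OpenSecureChannel.
    client_nonce = bytes(range(32))
    server_nonce = bytes(range(32, 64))
    for name in POLICY_KDF:
        # Assumption: one direction uses (server_nonce, client_nonce) as
        # (secret, seed); the other direction swaps them.
        sig, enc, iv = derive_keys(name, server_nonce, client_nonce)
        print(name, len(sig), len(enc), len(iv), sig.hex())
```

Swapping secret and seed yields an unrelated key set, which is why each direction of the channel ends up with its own signing key, encryption key and IV.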